阳子
Published on 2024-05-31 / 320 Visits

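Deploying Evilgophish

Reference: AiTM phishing attacks using Evilginx3 and Gophish

Infrastructure

[Figure: infrastructure diagram]

Building and starting the environment

Clone the code: clone the repository from GitHub, or download the archive and upload it to the server.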

git clone https://github.com/fin3ss3g0d/evilgophish.git

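Run the setup script: in a terminal, change to the evilgophish repository directory and run the following command to install the dependencies and configure evilgophish: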

./setup.sh [example.com] "[accounts myaccount]" false true [user_id]

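Replace the example parameters to match your own setup (the script pulls files from GitHub while it runs, so sort out any network access problems yourself).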

./setup.sh yangzihome.space "pish" false true 22db54d1-8c32-4131-8005-080173971679

Starting GoPhish

  • Start GoPhish: change to the GoPhish directory and run the following commands:

cd gophish
./gophish

Configuring the Phishlets pages

The directory /evilgophish/evilginx3/legacy_phishlets already contains a number of phishlets.

Reference for writing your own: https://bbs.yangzihome.space/archives/Evilginx3-Phishlets

Download the latest: https://github.com/simplerhacking/Evilginx3-Phishlets

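DNS records

Note: before starting, set up a wildcard DNS record for the domain that will be used for spoofing. If the domain does not resolve, TLS certificates cannot be obtained.

Steps to configure a wildcard DNS record:

  1. Log in to your DNS provider's console.

  2. Find the management page for your domain and open the DNS settings.

  3. Add a new A or NS record for the chosen (sub)domain.

For example, in Cloudflare's DNS settings this might look like the following: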

  • Type: A

  • Name: *

  • IPv4 address: 123.123.123.123

  • Type: NS

  • Name: *

  • Name server: ns1.example.com

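Starting evilginx and creating the spoofed page

Make sure to replace /home/evilgophish/gophish/gophish.db with the full path to the GoPhish database, and /home/evilgophish/evilginx3/legacy_phishlets with the path to the evilginx phishlet configuration files (create the files yourself).

Note: so that the database can be read correctly, make sure the gophish.db file has read and write permissions.

Starting evilginx3 v3.2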

./evilginx3 -g /home/evilgophish/gophish/gophish.db -p /home/evilgophish/evilginx3/legacy_phishlets/

                                        
                                             ___________      __ __           __               
                                             \_   _____/__  _|__|  |    ____ |__| ____ ___  ___
                                              |    __)_\  \/ /  |  |   / __ \|  |/    \\  \/  /
                                              |        \\   /|  |  |__/ /_/  >  |   |  \>    < 
                                             /_______  / \_/ |__|____/\___  /|__|___|  /__/\_ \
                                                     \/              /_____/         \/      \/
                                         
                                                        - --  Community Edition  -- -
                                         
                                               by Kuba Gretzky (@mrgretzky)     version 3.2.0
                                         

[13:25:11] [inf] Evilginx Mastery Course: https://academy.breakdev.org/evilginx-mastery (learn how to create phishlets)
[13:25:11] [inf] loading phishlets from: /home/evilgophish/evilginx3/legacy_phishlets/
[13:25:11] [inf] loading configuration from: /root/.evilginx
[13:25:11] [inf] blacklist mode set to: unauth
[13:25:11] [inf] unauthorized request redirection URL set to: https://www.youtube.com/watch?v=dQw4w9WgXcQ
[13:25:11] [inf] https port set to: 443
[13:25:11] [inf] dns port set to: 53
[13:25:11] [inf] autocert is now enabled
[13:25:12] [inf] blacklist: loaded 0 ip addresses and 0 ip masks
[13:25:12] [war] phishlets: hostname 'booking.com' collision between 'booking' and 'booking' phishlets
[13:25:12] [war] phishlets: hostname 'subdomainhere.domainhere' collision between 'cisco-vpn' and 'citrix' phishlets
[13:25:12] [war] phishlets: hostname 'google.google.com' collision between 'airbnb' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'www.google.com' collision between 'google' and 'coinbase' phishlets
[13:25:12] [war] phishlets: hostname 'clients4.google.com' collision between 'google' and 'google' phishlets
[13:25:12] [war] phishlets: hostname 'login.microsoftonline.com' collision between 'o365' and 'o3652' phishlets
[13:25:12] [war] phishlets: hostname 'abs.twimg.com' collision between 'twitter' and 'twitter-mobile' phishlets
[13:25:12] [war] phishlets: hostname 'api.twitter.com' collision between 'twitter' and 'twitter-mobile' phishlets
[13:25:12] [war] server domain not set! type: config domain <domain>
[13:25:12] [war] server external ip not set! type: config ipv4 external <external_ipv4_address>
[13:25:12] [inf] obtaining and setting up 0 TLS certificates - please wait up to 60 seconds...
[13:25:12] [inf] successfully set up all TLS certificates

+-----------------+-----------+-------------+-----------+-------------+
|    phishlet     |  status   | visibility  | hostname  | unauth_url  |
+-----------------+-----------+-------------+-----------+-------------+
| airbnb          | disabled  | visible     |           |             |
| amazon          | disabled  | visible     |           |             |
| booking         | disabled  | visible     |           |             |
| cisco-vpn       | disabled  | visible     |           |             |
| citrix          | disabled  | visible     |           |             |
| coinbase        | disabled  | visible     |           |             |
| facebook        | disabled  | visible     |           |             |
| github          | disabled  | visible     |           |             |
| google          | disabled  | visible     |           |             |
| instagram       | disabled  | visible     |           |             |
| knowbe4         | disabled  | visible     |           |             |
| linkedin        | disabled  | visible     |           |             |
| o365            | disabled  | visible     |           |             |
| o3652           | disabled  | visible     |           |             |
| okta            | disabled  | visible     |           |             |
| onelogin        | disabled  | visible     |           |             |
| outlook         | disabled  | visible     |           |             |
| paypal          | disabled  | visible     |           |             |
| protonmail      | disabled  | visible     |           |             |
| reddit          | disabled  | visible     |           |             |
| tiktok          | disabled  | visible     |           |             |
| twitter         | disabled  | visible     |           |             |
| twitter-mobile  | disabled  | visible     |           |             |
| wordpress.org   | disabled  | visible     |           |             |
+-----------------+-----------+-------------+-----------+-------------+

:  

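Creating a phishlet from a template

Enter the command to check the phishlet templates that are already configured

[Screenshot: list of configured phishlet templates]

Create a child phishlet from a template. Enter the command phishlets to view the child phishlets, e.g. amazon:aws; Tab completion is available.

 phishlets create <template name> <child name>

Enabling a phishlet

phishlets enable <template name>:<child name>

Deleting a phishlet

phishlets delete <template name>:<child name>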

Creating a phishing lure

Viewing the created lures

[Screenshot: list of created lures]

Creating a lure

Run the following command to create a lure; each lure that is created is assigned an ID.

lures create <Phishlet> 

Deleting a lure

Run the following command to delete the lure with the given ID.

lures delete <ID> 

Generating the URL

lures get-url <ID>

Starting evilfeed (if needed)

If you chose to enable the live feed, you need to start evilfeed. Change to the evilfeed directory and run the following commands:

cd evilfeed
./evilfeed

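4. Start Cloudflare Turnstile (if needed): if you chose to use Cloudflare Turnstile, you need to start it. Follow the instructions in the Cloudflare Turnstile setup section.

5. Start the campaign: once everything is ready, you can launch your social engineering campaign from GoPhish and monitor its progress.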

Creating a spoofed page with Evilginx3

  1. Run Evilginx3

    • Start Evilginx3 with the following command, specifying the Gophish database path and the Cloudflare Turnstile public and private keys:

      ./evilginx3 -feed -g /path/to/gophish.db -turnstile <PUBLIC_KEY>:<PRIVATE_KEY> -p /path/to/phishlets

      where /path/to/gophish.db is the path to your Gophish database file, <PUBLIC_KEY> and <PRIVATE_KEY> are your Cloudflare Turnstile public and private keys, and /path/to/phishlets is the directory where you store your phishlets.

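Setting up Cloudflare Turnstile

Cloudflare Turnstile integration has replaced the Apache2 redirect rules and IP blacklist. The Apache2 method relied on a predefined list of redirect rules and an IP blacklist, so we could miss certain user agents, hosts or IP addresses that eventually detected our infrastructure. That detection is usually carried out by bots and automated software that scan for phishing infrastructure. At the time of writing, Cloudflare Turnstile's technology is one of the best defenses against bots, and it verifies that a real user is visiting your website.

  1. Create a Cloudflare account

  2. Select the Turnstile tab in the dashboard

  3. Add a new site, using the domain of the phishing site/campaign

  4. Edit the evilginx3/templates/forbidden.html and evilginx3/templates/turnstile.html files with your own changes

  5. When starting evilginx3, pass the public/private key pair with the -turnstile flag. For example: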

./evilginx3 -feed -g ../gophish/gophish.db -turnstile <PUBLIC_KEY>:<PRIVATE_KEY>

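Cloudflare Turnstile HTML template guide

If I shipped a static HTML page for the Cloudflare Turnstile feature, everyone's phishing infrastructure would have the same page, and that would lead to detection based on the static HTML code. This is where Go HTML templates come in. I have included a starter template at evilginx3/templates/turnstile.html as a guide; you need to change its content. The following rules apply to the template code, and not following them may break the Cloudflare Turnstile functionality:

  1. You must include the {{.FormActionURL}}, {{.ErrorMessage}} and {{.TurnstilePublicKey}} template variables

  2. The form action URL used to submit the Turnstile challenge must be the {{.FormActionURL}} template variable

  3. The data-sitekey value of the cf-turnstile div class must be the {{.TurnstilePublicKey}} template variable

  4. You must save the template at evilginx3/templates/turnstile.html

  5. The button used to submit the challenge form must have its name attribute set to button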

replace_rid.sh

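If you have already run setup.sh and replaced the default RId value throughout the project, replace_rid.sh exists so that you can replace the RId value again.

Usage:
./replace_rid <previous rid> <new rid>
 - previous rid      - the previous rid value to be replaced
 - new rid           - the new rid value to replace the previous one with
Example:
  ./replace_rid.sh user_id 22db54d1-8c32-4131-8005-080173971679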
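
From the defender's side, the RId value is the per-recipient tracking parameter, so a rule keyed to its default name alone stops matching once it has been replaced. The following is an added detection example, not code from the original post or from the evilgophish project: it scans proxy log lines for the default parameter, for renamed parameter names supplied by the analyst, and for the value shape alone. The `rid` name and the 7-character alphanumeric value format are assumptions about stock GoPhish, and every hostname and log line is constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumption (not stated on this page): stock GoPhish tracks recipients with a
# query parameter named "rid" whose value is 7 alphanumeric characters.
DEFAULT_PARAM = "rid"
ID_SHAPE = re.compile(r"[A-Za-z0-9]{7}")

# Constructed proxy log, one request per line: <timestamp> <client> <method> <url>
SAMPLE_LOG = """\
2024-05-31T09:00:01Z 10.0.0.12 GET https://login.portal.example/?rid=aB3dE9x
2024-05-31T09:00:05Z 10.0.0.15 GET https://intranet.example/search?q=payroll&page=2
2024-05-31T09:00:09Z 10.0.0.12 GET https://sso.mail.example/auth?session=Zk81QpL
2024-05-31T09:00:11Z 10.0.0.31 GET https://sso.mail.example/auth?session=Qw7ErT2
2024-05-31T09:00:14Z 10.0.0.44 GET https://shop.example/item?rid=12
2024-05-31T09:00:20Z 10.0.0.50 GET https://news.example/a?ref=abcdefg
truncated line without a url
"""


def classify(url, renamed_params=()):
    """Return (host, reason, tracking_id) for a suspicious URL, else None."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    known = {DEFAULT_PARAM, *(p.lower() for p in renamed_params)}
    for name, value in query:
        if name.lower() in known and ID_SHAPE.fullmatch(value):
            reason = "default-rid" if name.lower() == DEFAULT_PARAM else "known-renamed"
            return parts.hostname, reason, value
    # Parameter name not known: a lone query parameter carrying an ID-shaped
    # value is only a weak signal, so scan() scores it by volume per host.
    if len(query) == 1 and ID_SHAPE.fullmatch(query[0][1]):
        return parts.hostname, "shape-only", query[0][1]
    return None


def scan(log_text, renamed_params=(), min_ids=2):
    """Group hits per host; keep shape-only hosts only at >= min_ids distinct IDs."""
    hosts = defaultdict(lambda: {"reasons": set(), "ids": set(), "clients": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or "://" not in fields[3]:
            continue  # skip malformed lines instead of failing the whole scan
        hit = classify(fields[3], renamed_params)
        if hit:
            host, reason, tracking_id = hit
            hosts[host]["reasons"].add(reason)
            hosts[host]["ids"].add(tracking_id)
            hosts[host]["clients"].add(fields[1])
    findings = {}
    for host, info in hosts.items():
        strong = info["reasons"] & {"default-rid", "known-renamed"}
        if strong or len(info["ids"]) >= min_ids:
            findings[host] = {key: sorted(vals) for key, vals in info.items()}
    return findings


if __name__ == "__main__":
    for host, info in scan(SAMPLE_LOG).items():
        print(host, info)
```

Parameter names recovered during incident response go into `renamed_params`, which promotes a weak shape-only match to a strong one.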

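QR code generator

The QR code generator feature lets you generate QR codes for deploying QR code social engineering campaigns. The steps to use it are:

  1. When editing an email HTML template, you can now include the {{.QR}} template variable:

[Screenshot: email template containing the {{.QR}} variable]

  2. When launching a new campaign, enter the size of the QR code image:

[Screenshot: QR code size field when launching a campaign]

  3. The result will look similar to the following, though you can adjust the dimensions as needed:

[Screenshot: example QR code result]

Note that this feature currently supports only email campaigns and HTML email templates.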

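SMS phishing campaigns

GoPhish was completely overhauled to provide SMS campaign support via Twilio. Your new evilgophish dashboard will look like this:

[Screenshot: evilgophish dashboard]

After running setup.sh, the next steps are:

  1. Configure an SMS template. Use text only when creating an SMS template, and do not include a tracking link, because it would appear in the SMS message. Leave the envelope sender and subject blank, as shown below:

[Screenshot: SMS template form]

  2. Configure an SMS sending profile. Enter your Twilio phone number, Account SID and Auth Token:

[Screenshot: SMS sending profile form]

  3. Import groups. The CSV template values are unchanged for compatibility, so keep the CSV column names as they are and put the target phone numbers in the Email column. Note that Twilio accepts the following phone number formats, so the numbers must be in one of these three formats:

[Screenshot: accepted phone number formats]

  4. Start evilginx3 and configure the phishlet and lure (you must specify the full path to the GoPhish sqlite3 database with the -g flag)

  5. Launch the campaign from GoPhish, using the lure path of the evilginx3 phishlet as the landing URL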

Live feed setup

Live campaign event notifications are handled by a local websocket/http server and the live feed app. To get set up:

  1. Select true for feed bool when running setup.sh

  2. cd into the evilfeed directory and start the app with ./evilfeed

  3. When starting evilginx3, supply the -feed flag to enable the feed. For example:

./evilginx3 -feed -g /opt/evilgophish/gophish/gophish.db

  4. You can begin viewing the live feed at: http://localhost:1337/. The feed dashboard will look like below:

[Screenshot: live feed dashboard]

IMPORTANT NOTES

  • The live feed page hooks a websocket for events with JavaScript and you DO NOT need to refresh the page. If you refresh the page, you will LOSE all events up to that point.

References

https://github.com/fin3ss3g0d/evilgophish

